Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
Wordpress Plugin Elementor 3.5.5 - Iframe Injection
CVE-2022-495308 sep 2023
Elementor < 3.5.5 - Iframe Injection
23RIESGO
abrir
Exploit-DB
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
CVE-2023-4548MEDIUM08 sep 2023
SPA-Cart eCommerce CMS GET Parameter search sql injection
38RIESGO
abrir
Exploit-DB
Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS
CVE-2022-3147008 sep 2023
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12
50RIESGO
abrir
Exploit-DB
Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
CVE-2023-3472308 sep 2023
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information
23RIESGO
abrir
Exploit-DB
Hyip Rio 2.1 - Arbitrary File Upload
CVE-2023-4382LOW04 sep 2023
tdevs Hyip Rio Profile Settings settings cross site scripting
28RIESGO
abrir
Exploit-DB
AdminLTE PiHole 5.18 - Broken Access Control
CVE-2022-23513MEDIUM04 sep 2023
Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint
45RIESGO
abrir
Exploit-DB
Credit Lite 1.5.4 - SQL Injection
CVE-2023-4407MEDIUM04 sep 2023
Codecanyon Credit Lite POST Request account_statement sql injection
33RIESGO
abrir
Exploit-DB
SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
CVE-2023-4547LOW04 sep 2023
SPA-Cart eCommerce CMS search cross site scripting
55RIESGO
abrir
Exploit-DB
WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)
CVE-2022-25148CRITICAL04 sep 2023
WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_id
85RIESGO
abrir
Exploit-DB
FileMage Gateway 1.10.9 - Local File Inclusion
CVE-2023-3902604 sep 2023
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker t
43RIESGO
abrir
Exploit-DB
Ivanti Avalanche <v6.4.0.0 - Remote Code Execution
CVE-2023-32560HIGH04 sep 2023
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disrup
78RIESGO
abrir
Exploit-DB
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
CVE-2023-3775921 ago 2023
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticat
23RIESGO
abrir
Exploit-DB
TP-Link Archer AX21 - Unauthenticated Command Injection
CVE-2023-1389HIGHbajo ataque10 ago 2023
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability i
100RIESGO
abrir
Exploit-DB
Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)
CVE-2023-2968908 ago 2023
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template in
35RIESGO
abrir
Exploit-DB
Social-Commerce 3.1.6 - Reflected XSS
CVE-2023-4174LOW08 ago 2023
mooSocial mooStore cross site scripting
43RIESGO
abrir
Exploit-DB
mooSocial 3.1.8 - Reflected XSS
CVE-2023-4173LOW08 ago 2023
mooSocial mooStore index cross site scripting
43RIESGO
abrir
Exploit-DB
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
CVE-2023-4168MEDIUM08 ago 2023
Templatecookie Adlisting Redirect ad-list information disclosure
60RIESGO
abrir
Exploit-DB
Emagic Data Center Management Suite v6.0 - OS Command Injection
CVE-2023-37569HIGH08 ago 2023
OS Command Injection Vulnerability in Emagic Data Center Management Suite
46RIESGO
abrir
Exploit-DB
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
CVE-2023-279604 ago 2023
EventON < 2.1.2 - Unauthenticated Event Access
50RIESGO
abrir
Exploit-DB
PHPJabbers Night Club Booking 1.0 - Reflected XSS
CVE-2023-4114MEDIUM04 ago 2023
PHP Jabbers Night Club Booking Software index.php cross site scripting
48RIESGO
abrir
Exploit-DB
Shelly PRO 4PM v0.11.0 - Authentication Bypass
CVE-2023-3338304 ago 2023
Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition t
23RIESGO
abrir
Exploit-DB
Academy LMS 6.0 - Reflected XSS
CVE-2023-4119MEDIUM04 ago 2023
Academy LMS courses cross site scripting
33RIESGO
abrir
Exploit-DB
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
CVE-2023-4117MEDIUM04 ago 2023
PHP Jabbers Rental Property Booking index.php cross site scripting
33RIESGO
abrir
Exploit-DB
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
CVE-2023-321904 ago 2023
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
38RIESGO
abrir
Exploit-DB
PHPJabbers Taxi Booking 2.0 - Reflected XSS
CVE-2023-4116MEDIUM04 ago 2023
PHP Jabbers Taxi Booking index.php cross site scripting
48RIESGO
abrir
Exploit-DB
PHPJabbers Service Booking Script 1.0 - Reflected XSS
CVE-2023-4113MEDIUM04 ago 2023
PHP Jabbers Service Booking Script index.php cross site scripting
48RIESGO
abrir
Exploit-DB
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
CVE-2023-4112MEDIUM04 ago 2023
PHP Jabbers Shuttle Booking Software index.php cross site scripting
48RIESGO
abrir
Exploit-DB
WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS
CVE-2023-37979HIGH04 ago 2023
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)
56RIESGO
abrir
Exploit-DB
PHPJabbers Cleaning Business 1.0 - Reflected XSS
CVE-2023-4115MEDIUM04 ago 2023
PHP Jabbers Cleaning Business index.php cross site scripting
48RIESGO
abrir
Exploit-DB
Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
CVE-2023-3914731 jul 2023
An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafte
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.